Dev: Fixed issue : limereplacementfields is empty wit popup editor

Dev : 4438de1 child

application/controllers/admin/htmleditor_pop.php

@@ -19,37 +19,28 @@ class htmleditor_pop extends Survey_Common_Action
     function index()
     {
         Yii::app()->loadHelper('admin/htmleditor');
-        $ckLanguage = sTranslateLangCode2CK(Yii::app()->session['adminlang']);
-
-        $aData['sFieldName'] = $sFieldName = sanitize_paranoid_string(App()->request->getQuery('name'));// The fieldname : an input name
-        $aData['sFieldText'] = $sFieldText = CHtml::encode(App()->request->getQuery('text')); // Not text : is description of the window
-        $aData['sFieldType'] = $sFieldType = sanitize_paranoid_string(App()->request->getQuery('type')); // Type of field : welcome email_invite question ....
-        $aData['sAction'] = $sAction = sanitize_paranoid_string(App()->request->getQuery('action'));
-        $aData['iSurveyId'] = $iSurveyId = sanitize_int(App()->request->getQuery('sid',0));
-        $aData['iGroupId'] = $iGroupId = sanitize_int(App()->request->getQuery('gid',0));
-        $aData['iQuestionId'] = $iQuestionId = sanitize_int(App()->request->getQuery('qid',0));
-        $sLanguage = sanitize_paranoid_string(App()->request->getQuery('lang')); // Not used : take the content with input name
-
-
-        //~ if (get_magic_quotes_gpc())
-            //~ $aData['sFieldText'] = $sFieldText = stripslashes($sFieldText);
-        //~ else
-            //~ $aData['sFieldText'] = $sFieldText;
-
-        if (!$sFieldName || !$sFieldText)
+        $aData = array(
+            'ckLanguage' => sTranslateLangCode2CK(Yii::app()->session['adminlang']),
+            'sFieldName' => sanitize_xss_string(App()->request->getQuery('name')),// The fieldname : an input name
+            'sFieldText' => sanitize_xss_string(App()->request->getQuery('text')), // Not text : is description of the window
+            'sFieldType' => sanitize_xss_string(App()->request->getQuery('type')), // Type of field : welcome email_invite question ....
+            'sAction' => sanitize_paranoid_string(App()->request->getQuery('action')),
+            'iSurveyId' => sanitize_int(App()->request->getQuery('sid',0)),
+            'iGroupId' => sanitize_int(App()->request->getQuery('gid',0)),
+            'iQuestionId'=> sanitize_int(App()->request->getQuery('qid',0)),
+        );
+        if (!$aData['sFieldName'])
         {
             $this->getController()->render('/admin/htmleditor/pop_nofields_view', $aData);
         }
         else
         {
-            $aData['sControlIdEna'] = $sFieldName . '_popupctrlena';
-            $aData['sControlIdDis'] = $sFieldName . '_popupctrldis';
-            $aData['ckLanguage'] = $ckLanguage;
-
+            $aData['sControlIdEna'] = $aData['sFieldName'] . '_popupctrlena';
+            $aData['sControlIdDis'] = $aData['sFieldName'] . '_popupctrldis';
             $aData['toolbarname'] = 'popup';
             $aData['htmlformatoption'] = '';
 
-            if (in_array($sFieldType, array('email-inv', 'email-reg', 'email-conf', 'email-rem')))
+            if (in_array($aData['sFieldType'], array('email-inv', 'email-reg', 'email-conf', 'email-rem')))
             {
                 $aData['htmlformatoption'] = ',fullPage:true';
             }

application/controllers/admin/limereplacementfields.php

@@ -16,35 +16,19 @@ class limereplacementfields extends Survey_Common_Action
 
     public function index()
     {
-        if (isset($_GET['surveyid'])) {
-            $surveyid = sanitize_int($_GET['surveyid']);
-        }
-        if (isset($_GET['gid'])) {
-            $gid = sanitize_int($_GET['gid']);
-        }
-        if (isset($_GET['qid'])) {
-            $qid = sanitize_int($_GET['qid']);
-        }
-        if (isset($_GET['fieldtype'])) {
-            $fieldtype = $_GET['fieldtype'];
-        }
-        if (isset($_GET['action'])) {
-            $action = $_GET['action'];
-        }
-
-
-
-        if (!Yii::app()->session['loginID']) {
-            die ("Unauthenticated Access Forbiden");
+        $surveyid = intval(App()->request->getQuery('surveyid'));
+        $gid = intval(App()->request->getQuery('gid'));
+        $qid = intval(App()->request->getQuery('qid'));
+        $fieldtype = sanitize_xss_string(App()->request->getQuery('fieldtype'));
+        $action = sanitize_xss_string(App()->request->getQuery('action'));
+        if (!Yii::app()->session['loginID'])
+        {
+            throw new CHttpException(401);
         }
-
         list($replacementFields, $isInstertAnswerEnabled) = $this->_getReplacementFields($fieldtype, $surveyid);
 
-        if ($isInstertAnswerEnabled === true) {
-            if (empty($surveyid)) {
-                safeDie("No SID provided.");
-            }
-
+        if ($isInstertAnswerEnabled === true)
+        {
             //2: Get all other questions that occur before this question that are pre-determined answer types
             $fieldmap = createFieldMap($surveyid,'full',false,false,getBaseLanguageFromSurveyID($surveyid));
 
@@ -197,7 +181,8 @@ private function _getReplacementFields($fieldtype, $surveyid)
     {
 
         $replFields = array();
-
+        if(!$surveyid)
+            return array($replFields, false);
         switch ($fieldtype)
         {
             case 'survey-desc':
@@ -221,7 +206,7 @@ private function _getReplacementFields($fieldtype, $surveyid)
                 return array($replFields, false);
 
             case 'email-admin_notification':
-			case 'email-admin_detailed_notification':
+            case 'email-admin_detailed_notification':
                 $replFields[] = array('RELOADURL', gT("Reload URL"));
                 $replFields[] = array('VIEWRESPONSEURL', gT("View response URL"));
                 $replFields[] = array('EDITRESPONSEURL', gT("Edit response URL"));